Complete this risk analysis evaluation to identify, quantify, prioritize, and manage risks by following the risk assessment guidelines:
- System(s) characterization.
- Threat & vulnerability identification.
- Control analysis (including evaluating the effectiveness of administrative, physical, and technical controls).
- Likelihood & impact analyses.
- Risk determination.
- Control recommendations.
- Results documentation.
- Inventory asset list and network diagram.
- ePHI internal and external sources and transmissions.
- Identification of where ePHI is created, received, maintained, and transmitted (including vendors, consultants, and third parties).
- Safeguards to prevent uses not permitted by the HIPAA Privacy Rule.
- Inclusion of any other compliance, integration, and maturity related reports or previously completed documentation.
- Verify individuals who evaluate technical controls have the necessary technical expertise.
- Deliver the Risk Assessment and Risk Analysis to Senior Level Management/Board of Directors/Governing body for review and approval including recommendations and costs associated with them.
- Maintain the Risk Assessment/Analysis documentation for at least 6 years.
- Maintain Assessment of Risks (ongoing as part of a change control process).
- Complete a risk analysis every year.
To discover how C-Suite IT can help your business, give us a call @ 860-836-1229, or click the button below and contact us today.
